Detailed Action

Response to Amendment 

1. This Office Action is responsive to the amendment filed on January 20, 2004, in which 
claims 1, 10 and 19 were amended and claims 8-9, 17-18, and 26-27 were cancelled. 

Response to Arguments 

2. Applicant's arguments filed January 20, 2004 have been fully considered but they are not 
persuasive. 

The Applicant argues that "the combined system of Gongwer and Alegre teaches a
mechanism for sharing a single database session with multiple clients" while "the present 
invention is directed to a system that allows sharing a security context for a user between two or 
more database sessions". 

However, Gongwer discloses that session sharing includes a request, by an independent 
client application, to connect to an existing context of interaction with the data server, created 
previously by another independent client application (col. 3, lines 3-7). Therefore, it is this 
context of interaction or "session context" that is being shared, and not the "session" itself. In
fact, Gongwer points out that "multiple sessions are sharing a session context" (col. 4, lines 23- 
24). 

According to Gongwer, this session context is the sum of all component Workspaces 
associated with a session (col. 3, lines 33-34). The Examiner infers that a "security context" is 
one of the component Workspaces associated with a session. Given that Gongwer discloses that
the invention can be used to share any session resources between clients (col. 3, lines 35-36), the
Examiner infers that the invention can be used to share a security context between clients (i.e.
sessions). In fact, Gongwer points out that the security manager 18 can have a Securityspace 19,
constructed similarly to the Workspaces 21 and Sessionspaces 25, to maintain exclusive security 
data across sessions (col. 4, lines 59-62). Therefore, the invention of Gongwer allows the 
sharing of a security context between multiple sessions. 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

3. Claims 1-6, 10-15, and 19-24 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Gongwer et al. (U.S. Patent 6,138,120 and Gongwer hereinafter) in view of Alegre et al.
(U.S. Patent 6,199,113 and Alegre hereinafter).

In regards to claims 1, 10 and 19, Gongwer teaches a system for sharing a security
context between different sessions on a database server (i.e. a system which formally supports 
the sharing of session, query, stored procedure, and transaction context across multiple, 
independent client applications) (col. 1, lines 58-61), comprising: 

receiving a request at the database server through a database session between the 
database server and an application on a database client (i.e. an originating application (client) 
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connects to a data server and creates a session, specifying that the session be brand new, and that 
the new session can be shared by future cHent connections) (col. 1, lines 44-47); 

looking up an identifier for an application client that identifies a client of the application, 
the identifier having been previously associated with the database session (i.e. the server 
recognizes the clients by assigning a respective identifier, called a session handle, to each client)
(col. 2, lines 1-4); 

using the identifier to look up the security context (i.e. exclusive security data) for the 
application client within a storage area (i.e. Securityspace) associated with the database server 
(col. 4, lines 59-62); and 

wherein the security context includes attributes related to the application client (i.e. 
additional information which can be used, for example, by the security manager to authenticate 
clients) (col. 12, lines 33-35); and 

allowing the application client to use the same security context through a second 
application and a second database session (i.e. sessHandle2) by:

receiving a second request at the database server through the second database session 
with the second application (i.e. passing the received workspace handle (wsHandlci) to the 
session manager as part of its session initialization procedure); 

looking up the identifier for the application client, the identifier having been previously 
associated with the second database session; and 

using the identifier to look up the security context for the application client within the 
storage area associated with the database server (i.e. updating the mapping table for this session's 
entry to reference the Workspace of the originating client) (col. 12, lines 47-65).

Gongwer does not teach:

receiving the security context for the application client from the database client;
inserting the security context into the storage area associated with the database server so 
that the security context can be indexed by the identifier for the application client; and 
performing a database operation to satisfy the request; 

wherein performing the database operation involves enforcing access rights associated 
with the security context. 
Alegre teaches: 

receiving the security context for the application client from the database client (i.e. 
authentication server first receives the UID and PWD from login process as part of the initial 
login by the user at client browser) (col. 6, lines 24-27); 

inserting the security context into the storage area associated with the database server so 
that the security context can be indexed by the identifier for the application client (i.e. 
authentication database stores information defining which users may access resources on trusted 
network. Authentication database also stores user profile information that defines the types of 
access each user has to the resources on trusted network.) (col. 6, lines 29-33). 

performing a database operation to satisfy the request (i.e. if the session key is still valid,
access server performs the request) (col. 4, lines 63-63); 

wherein performing the database operation involves enforcing access rights associated 
with the security context (i.e. authentication database also stores user profile information that 
defines the types of access each user has to the resources on trusted network) (col. 6, lines 29- 
31).

Therefore it would have been obvious to one of ordinary skill in the art at the time of
Applicant's invention to modify the teaching of Gongwer with the teachings of Alegre to include 
receiving the security context for the application client from the database client; inserting the 
security context into the storage area associated with the database server so that the security 
context can be indexed by the identifier for the application client; and performing a database 
operation to satisfy the request; wherein performing the database operation involves enforcing 
access rights associated with the security context with the motivation to achieve a higher level of 
security for a trusted network in order to allow access by users on the Internet in a controlled and 
secure manner (Alegre, col. 2, lines 33-35). 

In regards to claims 2, 11 and 20, Gongwer teaches wherein the request includes a
database query (i.e. transaction) directed to a database (figure 1, element 5) on the database 
server (figure 1, element 10). The Office infers that conducting a transaction with a database 
server comprises directing a query to the database. 

In regards to claims 3, 12 and 21, Gongwer does not teach wherein performing the
database operation involves modifying the database query to enforce access rights associated 
with the security context. 

Alegre teaches wherein performing the database operation involves modifying the 
database query to enforce access rights associated with the security context (i.e. the trusted 
network access presentation information is created based on the user access profile, and thus 
includes only selection for accessing resources that the user has access to) (col. 4, lines 44-47).

Therefore it would have been obvious to one of ordinary skill in the art at the time of
Applicant's invention to modify the teaching of Gongwer with the teachings of Alegre to include
wherein performing the database operation involves modifying the database query to enforce 
access rights associated with the security context with the motivation to achieve a higher level of 
security for a trusted network in order to allow access by users on the Internet in a controlled and 
secure manner (Alegre, col. 2, lines 33-35). 

In regards to claims 4, 13 and 22, Gongwer does not teach wherein the identifier for the
application client identifies a user of the application that is sending the request to the database 
server. 

Alegre teaches wherein the identifier for the application client identifies a user of the 
application (i.e. user ID [UID]) that is sending the request to the database server (col. 4, lines 24-
26). 

Therefore it would have been obvious to one of ordinary skill in the art at the time of 
Applicant's invention to modify the teaching of Gongwer with the teachings of Alegre to include 
wherein the identifier for the application client identifies a user of the application that is sending 
the request to the database server with the motivation to achieve a higher level of security for a 
trusted network in order to allow access by users on the Internet in a controlled and secure 
manner (Alegre, col. 2, lines 33-35). 

In regards to claims 5, 14 and 23, Gongwer teaches wherein the database client is an
application server that is sending the request to the database server (i.e. the clients are preferably 
application programs. The application programs can be executing on common computer or on 
distinct computers) (col. 2, lines 32-34).

Gongwer does not teach wherein the identifier for the application client identifies an
application session between the application on the application server and the client of the
application.

Alegre teaches wherein the identifier for the application client identifies an application 
session between the application on the application server and the client of the application (i.e. the
packet may be created by merely concatenating a web server identifier, speaker object identifier,
or other identifier, to the session key and URL request received from the user). The Office infers
that "other identifier" includes the use of an identifier of the application session between the 
application on the application server and the client of the application. 

Therefore it would have been obvious to one of ordinary skill in the art at the time of 
Applicant's invention to modify the teaching of Gongwer with the teachings of Alegre to include 
wherein the identifier for the application client identifies an application session between the 
application on the application server and the client of the application with the motivation to
achieve a higher level of security for a trusted network in order to allow access by users on the 
Internet in a controlled and secure manner (Alegre, col. 2, lines 33-35). 

In regards to claims 6, 15 and 24, Gongwer teaches receiving a request from the
application to change the application session associated with the database session; and changing 
the application session associated with the database session (i.e. applications can create, and
actively share a session) (col. 11, lines 64-65).

4. Claims 7, 16 and 25 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Gongwer in view of Alegre as applied to claims 5, 14 and 24 above, in further view of Chatterjee
et al. (U.S. Patent 6,243,751 and Chatterjee hereinafter).

The teachings of Gongwer and Alegre have been discussed above. 

The combination of Gongwer and Alegre, however, does not teach further comprising 
facilitating connection pooling by periodically changing the application session associated with 
the database session in order to channel requests associated with multiple application sessions 
through the database session. 

Chatterjee teaches further comprising facilitating connection pooling by periodically 
changing (i.e. switching) the application session associated with the database session in order to 
channel requests associated with multiple application sessions through the database session (col. 
3, lines 39-55). 

Therefore it would have been obvious to one of ordinary skill in the art at the time of 
Applicant's invention to modify the teaching of Gongwer and Alegre with the teachings of 
Chatterjee to include further comprising facilitating connection pooling by periodically changing 
the application session associated with the database session in order to channel requests 
associated with multiple application sessions through the database session with the motivation to 
allow more users to use a server than the number of connections established with the server 
(Chatterjee, col. 3, lines 25-27).

Other Prior Art Made of Record

5. A. Lo et al. (US Patent No. 5,809,505) discloses a system and method for relational
to object mapping;

B. Bowman-Amuah (US Patent No. 6,556,659) discloses a system for service level
management in a hybrid network architecture; and

C. Carpenter (US Patent No. 6,199,068) discloses a mapping interface for a
distributed server to translate between dissimilar file formats.

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from the mailing
date of this final action.

Points of Contact

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Edel H Quinones whose telephone number is 703-305-8745. The
examiner can normally be reached on M-F (8:00 AM-5:00 PM).

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheik, can be reached on 703-305-9648. The fax phone number for the
organization where this application or proceeding is assigned is 703-305-3718. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is 703-305-3900. 